10 | Palo Alto Networks User-ID Services | Amigopod | Technical Note
• Username Suffix: The Palo Alto Networks plugin versions 0.7.0 and later allow
  you to optionally specify a suffix to add to usernames, e.g., #{$user.sponsor_name}
4. Click Save Configuration to save your settings. The configuration of the plugin is
   complete.
Check Palo Alto Networks Version and Setup
Palo Alto Networks firewalls and Agent Software are required to be running the following
software releases in order to support the XML API for the User-ID integration:
• Firewall Software Version 3.1.0 or later
• User-ID Agent Software Version 3.1.0 or later
In the test environment referenced in this document, the Palo Alto Networks firewall was
deployed in a simple VWire or virtual wire deployment mode as shown below.
In a virtual wire deployment, the firewall is installed transparently on a network segment
by binding two ports together. You can install the firewall in any network environment
with no configuration of adjacent network devices required. If necessary, a virtual wire
can block or allow traffic based on the virtual LAN (VLAN) tag values. By default, the
virtual wire “default-vwire” binds together Ethernet ports 1 and 2 and allows all untagged
traffic.
This configuration will not suit all deployments and it is not a mandatory requirement for
the integration with Amigopod. The actual design and deployment of the Palo Alto
Networks firewall is outside of the scope of this document and the reader is encouraged to
consult the Palo Alto Networks documentation and/or their Palo Alto Networks
reseller or representative.
A very simplistic Policy configuration has been adopted for the test environment that is
forwarding bi-directional traffic between the Trust and UnTrust zones.
Again, this configuration will certainly not suit all deployments but Palo Alto Networks
policy definitions are considered to be out of scope for this document.